Pages

Wednesday, December 31, 2014

Cyber breaches have kept the governments,
individuals and companies around the world busy in 2014 in protecting
their interests and assets. India has also taken few steps in 2014 in
the cyber security field though they are of preliminary nature.

Some of the areas
covered by the cyber security trends 2014 are policy and
legal framework, national cyber coordination centre, bitcoins,
e-commerce websites, cyber security obligations of directors, etc.

India has been facing many cyber
security challenges that are not easy to tackle. The year
2014 did not witness taking of any effective steps by Indian
government to tackle these challenges. The international nature of
cyber attacks would require a totally different approach towards
cyber crimes and cyber security in India. Keeping this in mind, even
the cyber law of India would be required to be suitably
amended or repealed.

The winter session of Indian Parliament is already
over with not much legislative success. Let us hope that in the next
session of Parliament, India would pay attention to cyber law and
cyber security related legal and regulatory issues.

Friday, November 21, 2014

India is trying to implement the Digital
India project to the best of its capabilities. The success
of Digital India project would depend upon maximum connectivity with
minimum cyber security risks. This is also a problem for India as
India has a poor
track record of cyber security.

In these circumstances cyber security needs urgent
attention of Indian government. In a positive development, the
National Cyber Coordination Centre (NCCC) of India may finally see
the light of the day and may become
functional very soon. The NCCC would help India is
fighting against national and international cyber threats. Very soon
it would be clear how far the BJP government would go to protect
Indian cyberspace.

Friday, July 4, 2014

India’s position regarding cyber security and
privacy protection has been exposed due to recent negative
developments that have severely affected the rights of Indian
citizens. It has now become very clear that India is a sitting duck
in both the fields of civil
liberties protections and cyber
security. It has also been well understood by Indian
citizens that privacy
rights in India is not charity but a constitutional right.
As a result it would be next to impossible for the Modi government to
fool Indian citizens anymore in this regard.

Cyber
security in India is an alien concept for Indian
government for long. Even the Modi government is currently not in a
position to tackle the cyber
security challenges of India with its current approach and
policies. Anybody can target India for various forms of cyber attacks
and cyber crimes and India has become a land of no resistance for the
crackers.

Whether it is Congress government or Bharatiya
Janata Party (BJP) government, none of them have done anything
significant in the directions of ensuring effective cyber security
laws and privacy
laws in India. For instance, the Modi government has done
nothing except summoning of few officials of United States for
blatant violation of privacy
rights of Indians and invading Indian cyberspace.

Friday, June 20, 2014

The cyber security threats emanating from malware
like Stuxnet,
Duqu,
Flame, Uroburos/Snake,
Blackshades,
FinFisher,
Gameover
Zeus (GOZ), etc are now well known. No country can afford
to ignore these cyber threats as computer systems are now essential
part of day to day functioning of governments around the world. The
cyberspace landscape of India is also fast
changing and suitable policies must be formulated by the
Modi government to tackle the same effectively.

Cyber security is an international issues and it
requires international
cooperation to be effective. For instance, the cyber
breach of Ebay has international legal ramifications and
one cannot contend that the place of establishment alone would feel
the consequences. However, there are some nations that are not in
favour of international technology transfer in the field of cyber
security. In one such incidence, India has opposed the proposal to
include cyber security technologies under the Wassenaar
Arrangement.

For instance, Ebay faced sophisticated cyber
attacks and as a result of the same it is facing legal
actions in United
States and European
countries. Similarly, the U.S. Department of Homeland
Security (DHS) has reported
that a hacking group had recently attacked a U.S. public utility and
compromised its control system network.

India is also not safe from these cyber attacks as
cyber security attacks ate global
in nature. Experts believe that the Indian cyberspace must
be protected
on a priority basis. This would not
be an easy task as the new government has received a
paralysed cyber security infrastructure in India in heritage.
Further, cyber security skills
development is also missing in India and we do not have
the appropriate cyber professionals to deal with sophisticated cyber
attacks.

According to experts, there is an urgent need to
formulate cyber
warfare policy of India (PDF) so that cyber warfare issues
can be effectively managed. Critical infrastructure protection is
also required
to be ensured in India.

The cyberspace landscape of India is fast changing
and if we cannot match its progress we would be left far behind in
the cyber security initiatives. Cyber security of India must be
strengthened at the policy and legal fronts so that there is a
holistic growth and development in this crucial field. Let us also
hope that the new government would consider cyber security as an
essential part of the national
security policy of India.

Saturday, March 22, 2014

Cyber attacks are global in nature as they are
designed like that only. Initially, cyber attacks were conducted more
on the side of fun but now they have become weapons of trans border
crimes. Countries have also realised the potential of a covert cyber
attacks to gain strategic and sensitive information from a country of
interest. In this entire scenario we have no international
legal issues of cyber attacks that can govern the position
at the international level.

Naturally, countries across the world are required
to manage international cyber threats at the national level. This is
not a very fruitful exercise but it gives a psychological boost to
the nations that their cyberspace and critical infrastructures are
safe from external cyber attacks. India is also following the
national cyber security approach to international
cyber security threats.

Sunday, March 16, 2014

Cyber security breaches have become a norm these
days. Whether it is an e-commerce website or a law firm, cyber
attacks have put them under grave risk. Any organisation having
online presence is vulnerable to cyber attacks and data theft. It is
not possible to completely safeguard the data and information stored
in an online environment. Sophisticated malware like Stuxnet,
Duqu,
Flame, Uroburos/Snake,
etc cannot be tackled with cyber security products.

At times the cyber attacks are so covert that they
remain in operation for years. It is in the larger interest of
cyberspace community that information about them is share as early as
possible. This is the reason that many jurisdictions have prescribed
cyber security breach notification requirements. Similarly, remedial
actions must be also be taken against such cyber attacks as soon as
possible so that further damage can be prevented.

The recent spate of cyber crimes and cyber attacks
that happened in India or having Indian connection is alarming to say
the least. The Karnataka CID is already
investigating the possible involvement of Enstage
Software’s staff in international ATM heist case. Similarly, the
search
exercise by the enforcement directorate (ED) of India upon
Bitcoin exchanges is also well known. Target
Corporation’s data breach is also being investigated
world over and legal proceeding against it is pending in numerous
jurisdictions, including India.

These are some of the examples that have reported
and many more such incidences have still not surfaced. This is so
because individuals and companies are not at all disclosing cyber
breaches to Indian authorities and agencies. India has still not
enforced strong and robust cyber
security breach disclosure norms.

While western countries and European Union are
working in the direction of protecting
consumer interests and cyber security yet India has
neglected this crucial field, informs Asia’s leading techno legal
law firm Perry4Law. Indian government has neglected and failed
to formulate a dedicated cyber
security law in India and this is creating a host of
problems for India, opined Perry4Law. As a result various cyber
security breaches in India are either ignored or they are not
properly prosecuted by Indian authorities. The position would change
very soon as these cyber breaches would raise complicated cyber law
and cyber security issues in the near future in India and they cannot
be ignored any more by Indian government, informs Perry4Law.

The real problem seems to be lax attitude of Indian
government and law enforcement agencies to seek proper and timely
cyber security breach information. These cyber security breaches need
a mandatory
reporting system that can be analysed and evaluated from
time to time ,opines Praveen Dalal, managing partner of Perry4Law and
leading techno legal expert of Asia.

Wednesday, March 12, 2014

Cyber security attacks have become very
sophisticated in nature. The recent malware named Uroburos/Snake
is another example of growing cyber espionage and cyber warfare among
various nations. The era of websites defacement is well over and
stealing of sensitive information is the new trend.

India is a very late starter as far as cyber
security is concerned. The speed of cyber security initiative of
India is still very slow. Further, there is no dedicated cyber
security law of India that can be used in cases of cyber
crimes, cyber attacks and cyber contraventions. The information
technology act, 2000 is ill suited to take care of the cyber security
related issues in India.

The telecom companies/internet services providers
(ISPs) are also not sharing information pertaining to cyber attacks
against their networks. As a result, a robust cyber security strategy
to counter cyber attacks cannot be formulated.

National Security Council Secretariat (NSCS) has
requested
Reliance Jio Infocomm to share potential cyber security threats on
India’s telecom networks. India has announced that cyber
security breach disclosure norm would be formulated very
soon. However, till now no such disclosure norms are applicable in
India against telecom companies/ISPs of India.

Strict enforcement of the license
conditions (PDF) and the proposed national
telecom security policy of India 2014 may change this
scenario in the near future. However, nothing is better than
formulating a good cyber security law of India that can establish a
regulatory regime for compulsory cyber security breach notifications
on the part of telecom companies/ISPs.

This is important as critical infrastructures of
India like automated
power grids, thermal
plants, satellites,
etc are vulnerable to diverse forms of cyber attacks. This is the
reason why NTRO has been assigned
the task of protecting the critical infrastructure of India. Till the
national cyber coordination centre (NCCC) is put
into place, national level cyber security coordination
would be missing.

Friday, January 24, 2014

Cyber security is a specialised
field that requires a totally different orientation unlike the traditional
educational system. India
is a slow mover when it comes to cyber security adoption. It is only in the
year 2013 that the cyber
security policy of India was announced.

As India
has ignored the cyber security field for a very long period, both technically
as well as legally, India
is finding it difficult to regulate cyber security related issues. Neither
individuals nor companies are interested in fulfilling with additional cyber
security obligations. The shortcomings of Indian cyber security initiatives
have been marvelously covered by the cyber
security trends of India (Pdf) as provided by Perry4Law Organisation.

The CERC of PTLB would play a crucial
role in meeting the training objectives of the cyber security policy of India
that has clearly mandated that Indian needs a cyber security trained workforce.
However, there is a big problem in achieving this objective of Indian
government. Presently there are very few institutions in India
that are providing cyber security trainings and skills development in India.

What is unique about these
initiatives of PTLB is that they provide both technical and legal inputs to
Indian government and private sector. These techno legal cyber security inputs
can be readily adopted by Indian government. In fact, many of the suggestions
and recommendations of perry4Law Organisation and PTLB have already been
accepted and incorporated into various cyber security initiatives declared by
Indian government from time to time.

It is only natural that the
initiatives of Perry4Law and PTLB would be essential part of the cyber security
policies and strategies of Indian government from time to time to ensure that
they become really successful.

Tuesday, January 14, 2014

India has reiterated its desire to constitute a
cyber command covering all the three segments of armed forces of
India. Previously the proposal was mooted in the month of May
2013. Now fresh interest has been shown in this crucial
are by the armed forces of India.

According to cyber security experts, a dedicated
cyber
warfare policy of India (Pdf) must be formulated as soon
as possible. The present effort of Indian government seems to be a
step towards that objective.

The year 2013 was a tough one for the India cyber
security and the year 2014 would bring its own share of problems for
Indian cyberspace. Let us hope that Indian government would be well
equipped to deal with the same.